It looks a bit like Brainfuck but in fact it is something called jjencoding which I confess is way beyond my limited JavaScript skillz. No worries, I used the code at this GitHub repository to decode it, and that leads to this script.

Now, this script passes some browser variables to the next step (described here, I won't reinvent the wheel), and if you have all your ducks in a row you might get a "Read message" link.

Get it wrong and you get another jjencoded script that turns out to be gobbledegook (like the message seen here).
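For triage before decoding, a script can be checked for the jjencode shape. The following is an added example, not code from the original post or from the decoder repository; it assumes the encoder's usual opening `<name>=~[];<name>={___:++<name>,`, and the function names, the 0.9 threshold and the sample strings are constructed for illustration.

```javascript
// Added example: heuristic triage for jjencode-style obfuscated JavaScript.
// Assumption: input is the extracted script text, and the encoder's output opens
// with `<name>=~[];<name>={___:++<name>,` where <name> is the chosen global ($ by default).

const SYMBOL = /[$_\[\]{}()+!~"'\\.,;:=\/]/g;
const HEADER = /([A-Za-z_$][\w$]*)=~\[\];\1=\{___:\+\+\1,/;
const THRESHOLD = 0.9; // assumed cut-off, tune against your own corpus

// Returns the global variable name if the characteristic header is present, else null.
function jjencodeHeader(src) {
  const m = HEADER.exec(src);
  return m ? m[1] : null;
}

// Fraction of non-whitespace characters that are punctuation the encoder emits.
// `ignore` removes the global name so a custom name does not dilute the ratio.
function symbolRatio(src, ignore) {
  let body = src.replace(/\s+/g, "");
  if (ignore) body = body.split(ignore).join("");
  if (body.length === 0) return 0;
  const hits = body.match(SYMBOL);
  return (hits ? hits.length : 0) / body.length;
}

function classify(src) {
  const name = jjencodeHeader(src);
  const ratio = symbolRatio(src, name);
  if (name !== null && ratio >= THRESHOLD) return { verdict: "jjencode", name, ratio };
  if (ratio >= THRESHOLD) return { verdict: "symbol-heavy", name: null, ratio };
  return { verdict: "plain", name, ratio };
}

// Constructed samples (truncated fragments, not working scripts).
const JJ_DEFAULT = '$=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$};';
const JJ_NAMED = 'fax=~[];fax={___:++fax,$$$$:(![]+"")[fax],__$:++fax};';
const SYMBOLS_ONLY = '[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]]';
const PLAIN = 'function show(msg){ document.getElementById("out").textContent = msg; }';

for (const [label, src] of Object.entries({ JJ_DEFAULT, JJ_NAMED, SYMBOLS_ONLY, PLAIN })) {
  const r = classify(src);
  console.log(label, r.verdict, r.name, r.ratio.toFixed(2));
}
```

A "symbol-heavy" verdict covers script built from punctuation that lacks the header, which still deserves a closer look.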

The download link looks something like this - http://stylista.com.cy/js/jquery-1.7.50.js?get_message=2151693229 - which in this case downloads the curiously named file "message.zip ;.zip ;.zip ;" which contains a file fax_letter_pdf.exe which is of course malicious.

Now, it's worth pointing out that there is strong evidence that the EXE-in-ZIP file downloaded here has several different versions. In this case it has a VirusTotal detection rate of 3/56. I have seen at least two other MD5s though; I think each download site might have a different variant.

The Malwr report for this binary takes us a little deeper down the rabbit hole. We can see that it communicates with the following URLs: